
Burp Suite is a powerful platform for performing security testing of web applications. It includes various tools for analyzing and attacking web apps. Below is a detailed breakdown of essential Burp Suite features, commands, and practical usage.
You Should Know:
1. Setting Up Burp Suite
- Download Burp Suite from PortSwigger.
- Launch Burp Suite and configure your browser to route traffic through Burp’s proxy (usually 127.0.0.1:8080).
2. Proxy Interception
- Enable Intercept in the Proxy tab to capture HTTP requests.
- Modify requests before forwarding them to the server.
Example of modifying a request header:
  GET /admin HTTP/1.1
  Host: example.com
  User-Agent: BurpSuite-Attacker
  Cookie: admin=true
3. Repeater Tool
- Send captured requests to Repeater for manual testing.
- Modify parameters and headers to test for vulnerabilities like SQLi, XSS, or IDOR.
Testing for SQL Injection:
  GET /user?id=1' OR '1'='1 HTTP/1.1
  Host: vuln-site.com
4. Intruder for Automated Attacks
- Use Intruder to brute-force parameters (e.g., passwords, API keys).
- Configure payload positions and attack types (Sniper, Battering Ram, Pitchfork, Cluster Bomb).
Example Intruder payload for brute-forcing login (the request body follows the headers after a blank line):
  POST /login HTTP/1.1
  Host: target.com

  username=admin&password=§payload§
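The post lists the four Intruder attack types without saying how each one combines payloads with the §…§ positions, and that difference decides how many requests a run sends (and therefore how much traffic a defender will see). The script below is an added example, not Burp's own code: it parses a raw request in the format shown above, then expands a template with two marked positions the way each attack type does. The payload lists are deliberately meaningless placeholders ("a", "b", "1", "2", "3"); nothing is sent anywhere.

```python
import re
from itertools import product
from typing import Dict, List, Tuple

# Constructed template (assumption): the post's login request with two
# payload positions instead of one, so every attack type has a distinct result.
RAW_TEMPLATE = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=§user§&password=§pass§"
)

# Placeholder payload sets; real Intruder runs would load wordlists here.
PAYLOAD_SETS = [["a", "b"], ["1", "2", "3"]]

MARKER = re.compile(r"§([^§]*)§")


def parse_request(raw: str) -> Tuple[str, str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into method, path, version, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")   # blank line separates headers from body
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return method, path, version, headers, body


def fill(template: str, values: List[str]) -> str:
    """Replace the §…§ markers, in order, with the given values."""
    it = iter(values)
    return MARKER.sub(lambda _m: next(it), template)


def expand(template: str, payload_sets: List[List[str]], mode: str) -> List[str]:
    """Return the concrete requests an Intruder attack type would generate.

    sniper        - one position at a time, the others keep their original value
    battering_ram - the same payload inserted into every position at once
    pitchfork     - set i drives position i, iterated in parallel (stops at shortest)
    cluster_bomb  - every combination of the sets (cartesian product)
    """
    originals = MARKER.findall(template)   # text inside each marker pair
    n = len(originals)
    if mode == "sniper":
        combos = []
        for i in range(n):
            for p in payload_sets[0]:
                vals = list(originals)
                vals[i] = p
                combos.append(vals)
    elif mode == "battering_ram":
        combos = [[p] * n for p in payload_sets[0]]
    elif mode == "pitchfork":
        if len(payload_sets) < n:
            raise ValueError("pitchfork needs one payload set per position")
        combos = [list(t) for t in zip(*payload_sets[:n])]
    elif mode == "cluster_bomb":
        if len(payload_sets) < n:
            raise ValueError("cluster bomb needs one payload set per position")
        combos = [list(t) for t in product(*payload_sets[:n])]
    else:
        raise ValueError(f"unknown attack type: {mode}")
    return [fill(template, vals) for vals in combos]


def request_counts(template: str, payload_sets: List[List[str]]) -> Dict[str, int]:
    """How many requests each attack type would produce for this template."""
    return {m: len(expand(template, payload_sets, m))
            for m in ("sniper", "battering_ram", "pitchfork", "cluster_bomb")}


if __name__ == "__main__":
    method, path, _, headers, body = parse_request(RAW_TEMPLATE)
    print(method, path, headers["Host"], body)
    for mode, count in request_counts(RAW_TEMPLATE, PAYLOAD_SETS).items():
        print(f"{mode:14s} -> {count} requests")
    print(expand(RAW_TEMPLATE, PAYLOAD_SETS, "cluster_bomb")[-1].rsplit("\r\n", 1)[-1])
```

With two positions and sets of size 2 and 3, Sniper sends 4 requests, Battering Ram 2, Pitchfork 2, and Cluster Bomb 6; with real wordlists the Cluster Bomb count is the product of the list sizes, which is why a credential-stuffing run against two fields is so noisy server-side.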
5. Scanner for Automated Vulnerability Detection
- Run Active Scans to detect SQLi, XSS, CSRF, and other flaws.
- Review scan results in the Issues tab.
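Sections 2 to 5 describe what the tester sends; the other side of the same activity is what lands in the web server's access log. The script below is an added example, not part of the post or of Burp: it runs three simple checks over constructed combined-format log lines (the tautology payload and the BurpSuite-Attacker User-Agent from the examples above, plus a burst of failed POST /login requests from one address, which is what a single-position Intruder run looks like from the server). The log lines, IP addresses and thresholds are all made up for the example; the User-Agent check in particular is a weak signal, since a tester or attacker can change that header freely.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Constructed sample log (assumption): combined log format, not real traffic.
# Line 1 carries the post's SQLi payload URL-encoded, line 2 the post's
# User-Agent, line 3 is benign, and the last 25 lines are failed logins from
# one address inside a 25-second window.
SAMPLE_LOG = (
    '10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /user?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512 "-" "Mozilla/5.0"\n'
    '10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "GET /admin HTTP/1.1" 403 128 "-" "BurpSuite-Attacker"\n'
    '10.0.0.9 - - [12/Mar/2024:10:00:03 +0000] "GET /user?id=42 HTTP/1.1" 200 800 "-" "Mozilla/5.0"\n'
    + "".join(
        f'10.0.0.7 - - [12/Mar/2024:10:01:{s:02d} +0000] "POST /login HTTP/1.1" 401 64 "-" "Mozilla/5.0"\n'
        for s in range(25)
    )
)

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# Quote, OR/AND, then a quoted-or-bare token compared to another: 1' OR '1'='1
TAUTOLOGY_RE = re.compile(r"'\s*(?:or|and)\s+'?\w+'?\s*=\s*'?\w+", re.IGNORECASE)
# Weak signal: matches the post's example User-Agent; trivially changed by the sender.
TOOL_UA_RE = re.compile(r"burp", re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict]:
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote_plus(rec["path"])   # decode before pattern matching
    return rec


def max_in_window(times: List[datetime], window_s: int) -> int:
    """Largest number of events that fall inside any window of window_s seconds."""
    times = sorted(times)
    best = left = 0
    for right in range(len(times)):
        while (times[right] - times[left]).total_seconds() > window_s:
            left += 1
        best = max(best, right - left + 1)
    return best


def analyze(log_text: str, window_s: int = 60, threshold: int = 10) -> List[Dict]:
    """Return findings: SQLi tautologies, tool User-Agents, failed-login bursts."""
    findings: List[Dict] = []
    failed_logins: Dict[str, List[datetime]] = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if TAUTOLOGY_RE.search(rec["decoded_path"]):
            findings.append({"kind": "sqli_tautology", "ip": rec["ip"], "detail": rec["decoded_path"]})
        if TOOL_UA_RE.search(rec["ua"]):
            findings.append({"kind": "tool_user_agent", "ip": rec["ip"], "detail": rec["ua"]})
        if rec["method"] == "POST" and rec["decoded_path"] == "/login" and rec["status"] == 401:
            failed_logins[rec["ip"]].append(rec["ts"])
    for ip, times in failed_logins.items():
        n = max_in_window(times, window_s)
        if n >= threshold:
            findings.append({"kind": "login_burst", "ip": ip,
                             "detail": f"{n} failed logins within {window_s}s"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['kind']:16s} {f['ip']:10s} {f['detail']}")
```

Decoding the path before matching matters: the payload arrives as `1%27%20OR%20%271%27%3D%271`, and a pattern applied to the raw line would miss it. The burst check uses a sliding window rather than per-minute buckets so a run that straddles a minute boundary is still counted as one burst.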
6. Extending Burp with BApps
- Install extensions like Logger++, Turbo Intruder, or Autorize from the BApp Store.
7. Saving and Exporting Results
- Save project files (.burp) for later analysis.
- Export scan reports in HTML or XML format.
Example CLI command to export Burp results (via extensions):
  java -jar burp_exporter.jar --input scan.burp --output report.html
What Undercode Say
Burp Suite remains an essential tool for penetration testers and bug bounty hunters. Mastering its features—Proxy, Repeater, Intruder, and Scanner—can significantly improve web app security assessments. Always ensure proper authorization before testing.
Expected Output:
- Captured HTTP requests in Proxy.
- Modified requests in Repeater.
- Brute-force results from Intruder.
- Vulnerability reports from Scanner.
This expanded guide covers key Burp Suite functionalities with actionable commands and best practices for security professionals.
References:
Reported By: Https: – Hackers Feeds